CVE-2023-2063: Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
First published: Fri Jun 02 2023(Updated: )
Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishi Electric FX5-ENET/IP Firmware | ||
| Mitsubishi Electric FX5-ENET/IP Firmware | ||
| Mitsubishi Electric SW1DNN-EIPCT-BD | ||
| Mitsubishi Electric SW1DNN-EIPCT-BD | ||
| Mitsubishi Electric RJ71EIP91 | ||
| Mitsubishi Electric RJ71EIP91 | ||
| Mitsubishi Electric SW1DNN-EIPCTFX5-BD | ||
| Mitsubishielectric Sw1dnn-eipctfx5-bd Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-2063.
Which software is affected by this vulnerability?
The Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP are affected.
What is the severity of CVE-2023-2063?
The severity rating for CVE-2023-2063 is 7.3, which is considered high.
What is the impact of this vulnerability?
This vulnerability allows a remote unauthenticated attacker to cause information disclosure and tampering.
Are there any fixes or patches available for this vulnerability?
Please refer to the vendor's website for the latest updates and patches to address this vulnerability.
- collector/nvd-latest
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishi electric fx5-enet/ip firmware
- canonical/mitsubishi electric sw1dnn-eipct-bd
- canonical/mitsubishi electric rj71eip91
- canonical/mitsubishi electric sw1dnn-eipctfx5-bd
- canonical/mitsubishielectric sw1dnn-eipctfx5-bd firmware